Subscribe to our Best Free Adware/Spyware/Scumware Remover
|
In a Hurry?
|
 Go straight to the Quick Selection Guide |
|
Introduction
|
|
It's been some time since my last round of testing, and the time has certainly come for a refresher. Adopting much the same approach as previously, I have been asked if there were any surprises, and the honest answer is yes, there have. The most significant surprise was how difficult I was finding it to infect my system in the first place. After three hours of browsing, deliberatley choosing websites and domains where infection was almost a prerequisite, I had nothing, and it was only after investigating various system settings that I found out why. For those looking for the technical "how I did it", I once again started with a clean install of XP SP2 on a virtual machine, patched with the necessary microsoft updates. I deliberately did not upgrade to SP3. Having gotten my clean install, I backed it up, and then went off to infect it. Before doing so I downloaded installation packages for those on test, and once I had my machine infected, I backed up the infected machine. I restored the original infected machine to test each product, ensuring a level playing field for each test. Finally, I did incremental scans with each product on the same infected system. |
|
Discussion
|
|
So, the question is why was it so hard for me to get my machine infected in the first place, and having identified the "problem", my top recommendation is not an anti-malware product, and doesn't even involve a download or a scan of any type. It doesn't offer any form of protection on your PC, but it will help enormously against infection in the first place. What is this magic solution? For some time, I have been using OpenDNS as my DNS server, rather than my ISPs own offering. I hadn't realised how pro-active OpenDNS is in the fight against drive by malware protection. Quite simply, every time I tried to visit a site guaranteed to infect me, it was simply shown as not found. During normal browsing sessions you never see this, and so it took me a while to realise the cause. Only after switching back to my ISP hosted DNS was I able to find the infections that I craved. Requiring only a quick, free registration and simple confirguration change, you improve your protections considerably. Having made that recommendation, it is still possible to infect your system, either running software that may spread infection, or visiting sites that may not be in OpenDNS blacklist, and whilst an excellent first line of defence, local protection is still a must. Top of the list once again is SuperAntiSpyware, which successfully detected and cleaned 121 threats on my test system. A fairly lightweight download and simple installation (5.99 MB) mean that this is not a burdensome product. If anything, the general package, whilst aesthetically similar, is improved since last time, managing to detect and clean after a single scan rather than the two scans required last time. A reboot to complete cleaning was still required, though this is a minor inconvenience, and required by most packages. If I had to raise a critisicm, it's that the freeware version still installs a startup item which doesn't actually do anything at all. In the paid version, it loads the always on protection which is not available in the freeware version. This minor annoyance aside, it remains my top recommendation.
Promoted this time to joint second place is A-Squared free edition, and let me be very clear that it is ONLY the free edition that I am able to recommend. A-Squared was able to identify just 43 infections, though some of the more serious threats identified by SAS were included in these. If we disregard tracking cookies, then the margins narrow. However, detection rate is only half the battle, and unfortunately A-Squared was unable to automatically clean some of the more virulent infections found itself. Nevertheless, it helpfully provides a link to forums for manual removal instructions.
The downside of A2 is the download size, being a huge 54.2 MB, immediately followed by a further 20MB updates. Anyone on restricted bandwidth or dial up may be advised to look elsewhere, but for an average broadband connection this should not be a factor.
As mentioned, I can only recommend the freeware version. During testing I inadvertently downloaded the full version of A2, which runs in evaluation mode for 30 days. Strangely, the full version hung on the scan during each test (though the program itself didn't crash), which is a particular worry.
Sharing the second place spot is MalwareBytes AntiMalware. MBAM caused me considerable problems initially, being one of two programs that had been actively bocked from running by one of the nasties I had picked up. Only after renaming the main executable, and running it in safe mode was I able to proceed. This initial scan found 19 infections and managed to clean them sufficently that when I rebooted I was able to run the program in a normal environment. I updated the program and ran a full scan, which found a further 8 infections, bringing the total to 27. Where MBAM did better than other products on test was it's ability to remove hijacked DNS entries (which forced redirection of links from popular search engines to less productive sites).
Separating A2 and MBAM is almost impossible. I found them to be on a par with each other regarding their scans, but both require a technical proficiency that many may not posses; A2 requires manual removal of many threats, whilst MBAM forced me to jump through hoops to get it working.
PCTools SpywareDoctor SE also performed well in scanning, finding 24 threats (excluding cookies). Unfortunately, cleaning the system proved more problematic. Despite reporting successful cleansing, SD failed to terminate processes already running, and did not in fact clean some of the more annoying infections. It would also be useful if SD prompted a reboot after cleansing, though it did not do this, and only experience dictated that this would be a good idea.
SD does, however, include real time protection, which most other products don't, and this protection did block those infections that it had failed to clean. Nevertheless, a further scan and clean with SAS was needed to fully clean my test system. A fine effort, but sadly falling short of the mark. Do note that the free version is no longer available from the PCTools website. It can be obtained as part of the google pack, or from here.
Old timer Adaware, coming in at 35.7MB performed reasonably, if not exceptionally, finding a further 24 infections even after cleaning with A-squared, 4 of which represented real threats, whilst the remaining 20 were cookies.
Doing less well in on demand tests were Spybot S&D, Spyware Terminator and The Cleaner 2010. Spybot was the other program that was actively blocked from running, and nothing I tried could overcome this. It does come with an on demand file scanner which can be run from the command line and set to scan your entire drive. However, after letting this run for over an hour and noting that progress had barely touched my relatively small installation system (2.1 Gb) I cancelled. It would take an age to complete the scan, and would only examine files. Registry entries and services would be left untouched. Spyware Terminator found just 3 threats, and The Cleaner 2010 found absolutely none.
In terms of real time protection, Comodo BoClean is still king of the hill in my books, although there are worries that the free version may not be available much longer, which is a shame. Nevertheless, for a paltry 1.77MB download, you should grab it while you can.
Avorax shield is still in development, and starting to mature, though there are still bugs to be ironed out. For example, once installed, and after the obligatory reboot to enable it to start it's services, it immediately complained that it could not find Firefox. This is no surprise since FF was not installed on the test system, though I fail to see why it should prevent it from doing it's job. Maybe as time progresses this will become more viable, but in my opinion it isn't quite there yet.
And so that leads us to my standard "other recommendations". Internet Explorer has now reached version 8, which I am sure will become the most prolific web browser before too long, and as such will be the most heavily targetted. I stand by previous recommendations that an alternative browser (of which there are many free ones these days, including Firefox, Opera, Google Chrome and Safari) will offer a safer browsing experience.
And in order to shut the door after the horse has bolted, there is still little more useful that HiJack This, which is still a tool requiring expert help, but can be invaluable in helping to clean an infected system. Fortunately, the expert help is still only a forum away.
 And as always, let common sense guide you. Don't run a program from an untrusted source, and don't visit websites where infection is likely. You should also beware of popups from programs that you haven't installed, some of the fake anti-spyware I managed to pick up in my browsing sessions was surprisingly convincing. Remember, sometimes malware will scream into your face that it is there (see pic, not a genuine window amongst them). It will just not tell you what it really is.
|
|
Related Products and Links
|
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
|||||||||||||||||||||
|
This software category is maintained by volunteer editor Steve Hargreaves. The comments section below is so lengthy that it has become difficult for our visitors to read. Future posts will now be edited for length and repetition, and personal attacks deleted. You are all welcome to join our Security Forum which is much better-suited for intensive debate ... peter |
|||||||||||||||||||||
4.26.1006 
Unrestricted Freeware 
Windows 98, 98SE, ME, 2000, Vista, 2003 and XP Home/Pro
Delicious
Digg
StumbleUpon
Please rate this article
Here is the link to an useful article about how to secure your PC, using (free) behavioural antimalware from Symantec-owned Aussie security vendor, PC Tools, and a behavioural scanner from Dutch firm SurfRight, that exists to catch the nasties that can not be detected by your security software:
http://www.pcadvisor.co.uk/securityadvisor/blogs/index.cfm?entryid=11846...
There is, also, another useful article, which contains several short tutorials about how to protect your PC from dangerous threats. But it is difficult to read. (It is written as a Flash app. You have to right-click on a certain text area and Zoom In. Changing the screen resolution does not help.) Nevertheless, for those who are really interested, which, either have patience, either have big TFT monitors, I will post the link:
http://cde.cerosmedia.com/1H4a28ede090b84012.cde
Wolfram
I just have discovered an interesting article - about the current threat and vulnerability landscape associated with the browsers; and about two applications, Sandboxie and ThinApp - which serve
as representative examples of how one can leverage sandboxing and application virtualization to
possibly achieve greater browser security.
And I decided to share it with the readers of this Forum. This is the URL:
http://www.sans.org/reading_room/whitepapers/hsoffice/a_virtually_secure...
It is only available as a .pdf file.
Wolfram
I updated and scanned with SUPERAntiSpyware today and was offered a lifetime pro licesne with program updates and everything for $9.95.
That's a cool offer! Check it out and see if you get it too.
I took it.
What about Spybot Search And Destroy? It's a great free malware remover!
It is mentioned in the review. "Doing less well in on demand tests were Spybot S&D, Spyware Terminator and The Cleaner 2010."
I think that the readers of this Forum would also like to read the next two articles - about the security measures which will be implemented by Pentagon and NSA. Here are the links:
http://news.yahoo.com/s/afp/20090623/pl_afp/usitcomputersecuritymilitary
http://www.voanews.com/english/2009-06-15-voa64.cfm
Of course, the "cyber-delinquents" are not sleeping. They are prepared to launch "countermeasures". The Race Spyware-Antispyware continues...
Wolfram
Interesting articles! But I believe the security practices for home users and military networks differ drastically.
I agree with your remark. Here it is one difference: ("No Windows
allowed!")
http://www.nsa.gov/research/selinux/
Unfortunately, the young recruits (and even the veterans) forget
where they are (in a Military Unit/Base/Agency) and they tend to
behave like in their own (civilian) homes. Especially in what
concerns the use of the USB and the Wireless devices...
Wolfram
Thanks very much for the links which are very informative. I don't deny the threats exist or the ability of various factions to carry them out but I also think there may be another agenda in play here.
Thank you for opening my eyes to opendns, its the best.
I had Super Antispyware on my system, it was not set to run at startup, when manually started it slowed my system to a crawl, and it never found anything except a few cookies and it said that Exifer (program for changing EXIF and IPTC data in jpg files) was a trojan. Therefore I decided to remove SAS. The SAS uninstall did not remove anything and left the entire SAS program directory and all SAS files in place.
I manually removed it and went back to Spybot S&D.
Richard
Great article, but one issue in comparing how much malware different apps find and remove, lies with the differences in the way such apps report their findings! I've noticed that different anti-malware apps report items such as duplicated registry entries, other files that are not infected but need to be removed to remove the malware etc, will sometimes report such findings differently, making it somewhat to evaluate how much stuff program a vs b has actually removed!
Now I think SAS is a great program, it's fast, light and very effective, but I reckon the way it reports it's findings is somewhat more.. verbose than some others apps!
Recently, Agnitum Ltd. has released a new free version of Outpost Firewall.
(Although somewhat "amputated", in its free incarnation, this software FW
is a quite lusty one.)
Here's one download link for Outpost Firewall FREE 6.51:
http://free.agnitum.com/
Also, Avira Ges.m.b.H has just released a new version of its "AntiVir" product.
What's new in this release:
· Quarantine manager: the number of columns has been reduced
· Quarantine manager: send files using HTTP
· System tray tool: display the status of modules on mouse-over
· Last system scan: individual configuration of the alert message
· Renaming "Win32 Heuristic" to "AHeAD" in the configuration panel
· Support for netbooks (screen resolution)
· Configuration panel: new button "Default Values". This button allows you
to restore the configuration to the predefined default values!
· New installation folder and registry keys for all products: "C:Program
FilesAviraAntiVir Desktop" and "HKLMSoftwareAviraAntiVir Desktop".
Now there are no differences between the products AntiVir Personal, AntiVir
Premium and Premium Security Suite any longer
· Configuration wizard after setup
· Process protection for GUI processes
· File and folder protection for AntiVir files and folders
· Registry protection for AntiVir keys
· Scanning of locked files
· Scanner: combined display of malware detections and one-click removal...
Here's the download link:
http://www.free-av.com/en/trialpay_download/1/avira_antivir_personal__fr...
By the way: Microsoft Corp. prepares to launch a FREE anti-virus service!
More about this, here:
http://www.reuters.com/article/rbssTechMediaTelecomNews/idUSN10449246200...
We would like to know Mister Steve's opinion about this initiative - based
on a (future) test...
Wolfram
An "update" to my post: it seems that Microsoft is preparing to launch more
than an anti-virus. It will be "a free anti-malware app". More details, here:
http://www.pcworld.com/businesscenter/article/166567/microsofts_free_ant...
Perhaps, when Mister Steve will have some free time, he will test, for us,
the anti-spyware capabilities of Avira Free AntiVir.
I think that there are readers who would like to know if Avira Free ensures
enough protection against spyware; or, if they have to use "a supplement".
Are there any malware species, detected by SUPERAntiSpyware, but not detected by AntiVir?
Wolfram
Let me ask for Mister Steve:
1. Outpost is a firewall and doesn't belong to this 'arena';
2. Antivir is AV and doesn't belong to this 'arena';
3. OneCare-whathever is AV/Suite and doesn't belong to this 'arena'.
I agree with you. But the distinction line between the FW, AV and Anti-Spyware
becomes more and more vague.
For example, "Outpost Firewall Free does not offer Anti-Spyware protection".
(So, even if you install it, you still need a capable AS app!)
This means that a modern FW... has to do with Anti-Spyware!
Also, there are Firewalls which are ensuring a certain level of protection
against several Trojan species. Or, Trojan horses are not self-replicating
- which distinguishes them from viruses and worms -, if we want to be rigurous.
When you say Trojan, you say something which differs from Virus.
So, I thought it is acceptable to post the above mentioned data, here.
I also wanted to underline, again, that you also need a good AV program.
The latest versions of Avira Free AV are also protecting against Spyware.
The conclusion? Avira AV has to do with the content of this Forum.
Even the so-called "Anti-Spyware" programs are detecting more malware
species, than strictly "spyware". (like the "adware", for example)
I wanted to herald the readers about these, let's call them, "premieres",
because they are important; they have a certain impact... Only Mister Steve
is the qualified specialist competent to decide if a certain post belongs,
or not, to this very useful Forum. If he decides to delete my post, than I
will accept his decision without any offense.
Anyway, in certain circumstances, we should not become rigide...
Wolfram
I didn't say I agree with Steve... what I said was what Steve replied in the past to such requests.
"we should not become rigide...", yep, your opinion is also mine.
You were warned about continuing along that line. The thread from here has been deleted. These comments are intended to be constructive and useful. They are not intended to be an excuse for a fight. Further comments or threads in the same vein will be deleted without warning or explanation.
Steve
Sorry I haven't replied to you guys more quickly. I've been going through an upgrade saga with my ISP and telecoms provider, which has left me with virtually no internet connection.
Anyhoo, with regards to comments here, I tend to disagree with hard line moderation, and I believe that open discussion, including where the dividing lines are is healthy and useful. Suitable recommendations for associated software (AV, FW etc) will not be deleted unless they are (in my opinion) posted for the sole purpose of promoting a paid for product, or are clearly inaccurate.
This apart form other conditions which apply to all posts, which are to remain courteous, non abusive, inoffensive and objective.
With regard to the comparitive merits of what are predominatly AV or FW, rather than predominatly anti-malware (which I take to be what's left - anti-spyware, anti-adware etc.) I will encourage ask people to visit the pages of my colleagues here at Gizmo's who have articles dedicated to those subjects. Nevertheless, I will not criticise or seek to prevent posts in the comments here purely on that basis.
With regard to recommendations that I believe fit this particular page, I try to take a weekend each month to catch up and test.
Steve
Couldn't agree more
My work here is done.
Hi, its still in its beta version but everyone know IObit software are really good, they have three very recognized software out already, Advanced SystemCare, Smart Defrag and Game Booster, they have just made IObit Security 360, its still in its Beta, but I thought u might want to check it out to see how it compares to these now or after the real one has come, here is the link: http://www.iobit.com/beta.html?Str=download
Gl.
IObit have released a new (beta) product. It's an anti-malware that includes realtime protection but is not a standalone protection program. It is supposed to be used with other security programs.
http://www.iobit.com/beta.html?Str=download
http://www.majorgeeks.com/IObit_Security_360_d6088.html
It means with an anti-virus software, not with another anti-spyware software. Im looking forward for the first version to come out, I love IObit softwares.
12 Free Security Software Tools!
You can read the article here:
http://www.pcmag.com/article2/0,2817,2347961,00.asp
I wonder why the free version of Avira AV has not been included...
Again, I take advantage from this opportunity to warn the readers of
this forum, about a new "security threat": the so-called ATM Malware.
More about this matter, here:
http://www.pcworld.com/businesscenter/article/166189/atm_malware_spreadi...
Wolfram
Two excellent and informative links - thanks for posting them.
SuperAntiSpyware has a key deficiency that led me to uninstall it and give my preference to other antispyware programs: its (far from lightweight) process doesn't get unloaded after a scan.
Why would I want a spyware scanner to keep an active process bogging down my system after it fulfilled its usefulness, i.e. a spyware scan ? Stopping the process manually after each time I use the program is just too troublesome.
Maybe if they could fix this I could consider using SuperAntiSpyware again in the future, but for now the competition gets my vote.
I think that this is related to the autostart issue that I highlighted previously, though it is easily resolved (simply exit at the tray). However, I have experimented a little more and the daemon in the free version takes up minimal resources (enough for the tray icon, pretty much, and that's about it).
In other words, you don't have a bloated app sitting behind it.
In the circumstances, I wouldn't let the tiny process sitting there put you off what is, otherwise, a very well performing program.
Steve
Hi Steve
Have you considered testing Windows Defender?
Thanks
I agree. What use are all the other benchmarks, if you don't know how your bare bones/out of the box protection compares? Windows Defender is enabled by default with Vista, I assume it is with Windows 7 to?
I intend to re-visit Windows Defender, although last time it was so appalingly poor that it wasn't worth the resources needed to run it. Nevertheless, I'll give an up to date version a try.
Steve
What would you use to get rid of the the fake anti-spyware that you show in your last paragraph of your review? I have the exact same pop-ups for a program called "XP Deluxe Protector" and I can't get rid of it. I used Ad-Aware but these pop-ups are still popping. I need something I can use as a non-computer literate person. Thanks, Gail
SuperAntiSpyware found and cleaned that particular nasty from my system. It was the only free program that successfully removed. Others either couldn;t remove it, or required manual removal.
Steve
Full instructions for removing this specific program using Malwarebytes are detailed here:
http://www.bleepingcomputer.com/virus-removal/remove-xp-deluxe-protector
You could follow the instructions here:
http://www.techsupportalert.com/content/spyware-removal-guide.htm
Hi Gail,
Try running a MalwareBytes Anti-Malware quick scan in Safe Mode (hit F8 while the computer is booting, choose Safe Mode with Networking so you can download, install, and update the definitions). Reboot into regular Windows, download, install, update, and run a full scan with SuperAntiSpyware. (Both can be downloaded from filehippo.com.) Finally, update the definitions on your regular antivirus program and run a full scan. Then you should be good to go.
Good luck!
(Another) Steve
Steve, Sir, I would like to ask you something:
would you recommend RunScanner, to your users, instead of HiJack This?
RunScanner is also a Freeware startup and hijack analyzer.
You can read more about it here:
http://www.runscanner.net/
In my opinion, RunScanner is a better application than HiJackThis.
It is also an easier one to use. It even has two operating modes:
Beginner and Expert.
You can use RunScanner to detect autostart programs, spyware, adware,
homepage hijackers, unverified drivers and other security related problems.
I am always using this application to check the USB devices - after I have
disinfected them with the AV program.
Please test, a little, RunScanner; and then tell us your opinion,
as a specialist.
I take advantage from this opportunity "to scare" a little more your
readers, with this information:
http://infoworld.com/d/security-central/hackers-infect-twitter-users-sca...
Wolfram
I'll take a look and let you know
Steve
Steve, Just wanted to let you know that I downloaded and installed Comodo BOClean V4.27 today as a supplement to my other anti-spywate programs as I have in the past used and been quite pleased with their Firewall. However after installing I got a message when I tried to run the program that it is no longer able to be used and that it has been integrated into their Internet Security program.
I hope this information may be of use to you and maybe BOClean needs to be removed from your recommendations shown above in view of this.
Keep up the good work.
Alan
Thanks for the info. I'd assumed that already available versions would continue to function. I'll be removing BOClean the next update.
Steve
I have BOClean still running but with no updates since May 26th obviously. Is there any point in still running it ??
It can't do any harm. BOClean is not signature based, which means the updates are not as important as they would be otherwise. As a behavioural based program it will still do it's job, unless some new behaviour that it doesn't understand comes along, of course.
Steve
I always thought BoClean relied on signatures?
Even if we have the very best security solution implemented on our PCs, we are still in danger. Here's one reason:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&...
Unfortunately, it is not the only vulnerability still unpatched by Microsoft Corp.
Because it is a quite severe one, I hope that the Admin. will not delete this post - at least until a solution will be announced (perhaps, a new version of DirectX).
Wolfram
There is an "additional" article about this matter, which is available here:
http://blogs.pcmag.com/securitywatch/2009/05/when_should_microsoft_back-...
Wolfram
Well if you don't open a "specially crafted QuickTime media file" you won't be infected. Also "Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights". And as the article said you can also disable Quicktime parsing automatically by downloading a Microsoft Fix-it.
http://support.microsoft.com/kb/971778
No offense, but please tell this to my girlfriend; or to her mates!!
She (and, I suppose, "the average user") knows almost nothing about
these matters... Warned people are better than the ignorants.
That's pretty alarmist. First, all of my machines are Vista or Win7, so according to the article they are immune from this threat. Second, from what I gather from the article, it certainly sounds like "the very best security solution" could stop this threat. If you're vigilant, educated, and use the tools recommended by this site (including backup tools), you will not be "in danger".
In my opinion, MICROSOFT is the "alarmist" around here. From what I know,
it is a very rare event: MS Corp. to recognize something "critical"!! And
if they did, I suppose it is, indeed, something serious. Perhaps MS Corp.
wants us all embarked in the Vista "hutch". And this might be the reason
for alarming the users. Still, this is not good news. Maybe all this noise
has a reason deeply connected with the security risks.
Fortunately (!), I suppose that most of us we are using Windows XP, not
Vista, as you do.
Hey, please, do not shoot the pianist! Wolfram only wanted to warn us.
He is not working for MS. Or... is he?
I do not work for Microsoft!
Wolfram
All news articles are alarmist, didn't you know? :)
Just kidding. But seriously quite a lot of the times it is a bit misleading.